Specialist, Technology Risk and Control
What You'll Be Doing:
Clearing, Markets & Issuer Services Technology (CMIST) is responsible for application development and support for critical business systems including Repo Edge (collateral management), Enterprise Payment Hub (multi-currency payment processing), and Broker Dealer Clearance (securities clearing), along with approximately 350 other applications used by the following high-priority business services and their clients.
The CMIST Centers of Excellence govern best practices across the organization. Supporting functions include financial planning, portfolio / program / project management, technology risk management, as well as communications and employee engagement. The teams also provide strategic guidance for enterprise technology programs for application resiliency and infrastructure modernization. In addition, the COEs are responsible for production application administration and incident management, as well as mainframe development and quality engineering standards.
As a member of the Clearing, Markets and Issuer Services Technology (CMIST) Risk & Compliance Team, this role is responsible for setting the strategy for identifying, analyzing, monitoring, reporting, and minimizing information technology risks within their assigned portfolio. As a senior member of the CMIS Technology Risk team, this role will be responsible for defining, documenting and communicating standardized and proactive processes for technology risk identification, treatment, monitoring and reporting. Supports the assigned line of business in gathering information and preparing for all tech risk related reporting and meetings, i.e. internal and external audit, regulatory interaction, as well as the Key Risk Review and related meetings. Collaborates with the assigned Application managers to ensure tracking and timely remediation of risks is occurring. Supports the Risk and Control Self-Assessment (RCSA) and High Level Assessment (HLA) processes for the assigned portfolio within CMIST. Coordinates the issue and exception/acceptance processes, including self-reported issues. Provides consultative guidance on the prioritization of remediation efforts and supports new initiatives by implementing a "baked-in" automated control measurement and monitoring.
The position represents and facilitates the work of the Technology Risk and Control group areas: Risk Framework, Risk Identification and Treatment, Risk Reporting and Intelligence, Regulatory Relations and Exams, Risk Advisory, and Risk Automation. Provides guidance and collaborations with the IT Risk Analyst and team leads within the CMIST Risk Management team to ensure that processes for risk management are applied consistently throughout CMIST. Ensures that risk mitigation from policy to the Unified Control Framework is adhered to. Participates in setting the standards and practices for risk management and compliance monitoring within CMIST. Supports strategic initiatives as agreed upon by the Head of CMIST Risk & Control and the LOB CIO.
Supports Risk Framework practices and Uses in-depth knowledge of information technology, risk and control frameworks, risk and control theory and practice, and controls implementation and assessment to determine potential risks to the organization. Supports analysis and draws conclusions in order to recommend and direct any resulting change needed to mitigate risk. Responsible for implementing risk framework and identifying, analyzing, monitoring, reporting, and minimizing information technology risks. Consult and advise on all technology risk matters. Supports related risk programs: audit response, regulatory inquiry and response, etc. Manages complex projects that involve working with the businesses to improve controls to mitigate any deficiencies. Strong written and verbal communication. Communications and organization skills; team work skills. Ability to work independently or with a team. Contributes to the achievement of related teams' objectives. Qualifications Who We're Looking For:
• Bachelor's degree or equivalent combination of education and work experience required.
• 5-7 years of total work experience preferred - mixed experience in application development, computer architecture, and technology/information risk, assurance or advisory strongly preferred.
• Communication skills must range from participation in detailed technical discussions to business-oriented presentations to working closely with senior management.
• Experience in the securities or financial services industry is a plus.
• CISA, CISSP or CRISC and ISACA certifications preferred.
• Experience defining, implementing and monitoring IT risk management programs, including cyber security related risks
• Experience understanding design and operating effectiveness of IT controls and industry related frameworks BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums. Primary Location:
United States-New York-New York Internal Jobcode:
Information Technology Organization:
Clearing Markets ISS Svcs Tech-HR16624 Requisition Number: